Using Checks

The Checks page gives a structured security view for IAM/IT and security teams of how your company complies with best-practice configuration recommendations (“checks”) relating to identity misconfiguration, stale access, and over-privileging. This page shows a catalog of security checks that provide visibility into the preventative security posture of your applications and systems.

For example, the Enable MFA (Multi-factor Authentication) for All Users check shows the level of MFA enrollment within the organization.

Onboarding Process

The onboarding process does not require additional permissions. Start by updating check severities if necessary and disabling irrelevant checks.

To effectively engage with the Identity Posture functions, begin by exploring the Apps Overview page to identify the most vulnerable applications. Proceed to the posture page filtered by the specific application, review all failed checks, and address them individually based on their severities, categories or compliance frameworks. See Apps Overview.

Viewing the Checks Page

From the left navigation, select Identity Posture > Checks.

On the Checks page, each row represents a different check that Delinea Platform runs. These checks are based on instances of applications that are integrated with the platform.

By default, the page is sorted in descending order by check severity. You can change the sort order by clicking a column heading.

The checks are divided into categories to streamline management:

  • Authentication: Mechanisms used to verify the identity of cloud service users, systems, or processes

  • Privileged access: Management of access rights for cloud service users with elevated permissions

  • Stale access: Management of outdated or unused access rights

  • Security baseline: Base configurations of the application

  • Key management: Management of keys

The table displays basic information and the compliance frameworks relevant to each check. The Results Count column displays the number of entities (Affected Entities) that failed the check.

Best Practices for Checks

For best results, follow these recommendations.

  • Have a posture score of at least 90% for each application.

  • Solve all high severity checks within a week, medium severity checks within two weeks, and low severity checks within a month.

  • Regularly monitor the posture pages and posture scores for your connected applications to identify configuration drifts and degraded checks. Review once a week to detect any misconfigurations in a timely manner.

  • Engage your app owners in reviewing and addressing any misconfigurations.

Diagnosing Issues with the Checks Side Panel

On the Checks page, click any row in the table. The Checks side panel opens, displaying more information about the check.

General Tab

On the General tab, the Description includes the function of the check and the security motivation for remediating the Affected Entities.

Disable a Check

To disable a check, click Disable.

Disabling a check decreases your overall identity posture score. Click Disable only If your organization is unable to follow the best-practice recommendations, and is willing to accept the risk of a misconfiguration.

Change a Check's Severity

To change the severity of a check, select a different setting from the Severity drop-down menu.

Affected Entities Tab

The Affected Entities tab displays each affected entity. Click any entity to expand its panel, where you can view the detailed Description and the remediation Recommendation.

Exclude an Affected Entity from a Check

Excluding an Affected Entity from a check can change the status of the check; for example, if all entities are excluded, the check will always pass.

To exclude a specific Affected Entity from a check:

  1. Click the entity to expand its panel.

  2. Hover your cursor to the left of the up caret, click the three dots, then select More actions.

  3. Select Exclude from the drop-down menu. Excluded entities are moved to the Excluded list.

To include an entity that is currently excluded, select Include.

Remediation Steps Tab

The Remediation Steps tab lists the steps recommended to remediate a failed check.